This blog post is an excerpt from GovLoop’s recent research report conducted in partnership with DLT and Symantec, Detecting Threats in the Federal Government. To download the full report, head here.
To best understand the critical functions of the NIST Cybersecurity Framework, it is helpful to think about the framework as just that – a foundation or blueprint to build a very secure environment for your data. Each of the five functions is a critical component to building that safe environment. For example, Identify is the foundation of the house you are building – knowing what you want and what you already have. The Protect function gives you plans for how you want to give yourself protection – with walls, a roof, etc. Once your house is built and sturdy, you want tools to make sure you’re keeping it protected.
That’s where the Detect function comes into play. You wouldn’t build a house without installing an alarm system or smoke alarms. Those sort of tools alert you to potential dangers that are trying to harm your house. The Detect function does the same for your cybersecurity posture. This function detects cybersecurity events and problems that might be occurring on your network that you need to investigate further. And according to NIST, the true definition of the function is to “develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.”
In the Detect function, there are only three categories, but they are especially critical for the public sector, which may lag in detection capabilities or the ability to quickly respond to identified threats.
- Anomalies and Events: Anomalous activity is detected in a timely manner and the potential impact of events is understood.
- Security Continuous Monitoring: The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.
- Detection Processes: Detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events.
It’s clear why the Detect function of the NIST CSF is critical for the public sector to take seriously. So, is the federal government taking threat detection seriously? Download the full report to find out.